thoughts on one time pads
John Denker
jsd at av8n.com
Fri Jan 27 14:31:39 EST 2006
Dave Howe wrote:
> Hmm. can you selectively blank areas of CD-RW?
Sure, you can. It isn't soooo much different from rewriting any
other type of disk.
There are various versions of getting rid of a disk file.
1) Deletion: Throwing away the pointer and putting the blocks back
on the free list. This is well known to be grossly insecure.
2) Zeroizing the blocks in place (followed by deletion). This
is vastly better, but still not entirely secure, because there
are typically stray remnants of the pattern sitting "beside"
the nominal track, and a sufficiently-determined adversary
may be able to recover them.
3) Trashing the blocks, i.e. overwriting them in place with
crypto-grade random numbers (followed by optional zeroizing,
followed by deletion). This makes it harder for anyone to
recover strays.
4) Half-track trashing. This requires wizardly disk hardware,
which shifts the head half a track either side of nominal,
and *then* writes random numbers. I might be persuaded that
this really gets rid of strays.
5) Grinding the disk to dust. AFAIK this is the only NSA-approved
method. A suitable grinder costs about $1400.00.
http://cdrominc.com/product/1104.asp
One drawback with this is that you have to destroy a whole
disk at a time. That's a problem, because if you have a
whole disk full of daily keys, you want to destroy each
day's key as soon as you are through using it. There
are ways around this, such as reading the disk into volatile
RAM and then grinding the disk ... then you just have to make
sure the RAM is neither more volatile nor less volatile than
you wanted it to be. That is, you use the disk for *distribution*
but not necessarily for intermediate-term storage.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list